您的位置:首页 > 其它

logstash mutate 类型转换

2017-01-11 10:28 295 查看 
logstash-filter-mutate 插件是Logstash 另一个重要插件,它提供了丰富的基础类型数据处理能力,包括类型转换,字符串处理和字段处理等

1.类型转换

类型转换是logstash-filter-mutate 插件最初诞生时的唯一功能,

可以设置的转换类型包括:"integer","float" 和 "string"。示例如下:

input {
stdin {
}
}

filter {
grok {
match =>{
"message" =>"(?<request_time>\d+(?:\.\d+)?)"
}
}
}
output {
stdout {
codec =>rubydebug
}
}

[elk@Vsftp logstash]$ logstash -f t2.conf
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
"message" => "23.45",
"@version" => "1",
"@timestamp" => "2017-01-11T02:07:33.581Z",
"host" => "Vsftp",
"request_time" => "23.45"
}

字符串 转换为float型

[elk@Vsftp logstash]$ cat t2.conf
input {
stdin {
}
}

filter {
grok {
match =>{
"message" =>"(?<request_time>\d+(?:\.\d+)?)"
}
}
mutate {
convert => ["request_time", "float"]
}
}
output {
stdout {
codec =>rubydebug
}
}

[elk@Vsftp logstash]$ logstash -f t2.conf
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
"message" => "23.45",
"@version" => "1",
"@timestamp" => "2017-01-11T02:10:07.045Z",
"host" => "Vsftp",

字符串转换成数值型:

[elk@Vsftp logstash]$ cat t2.conf
input {
stdin {
}
}

filter {
grok {
match =>{
"message" =>"(?<request_time>\d+(?:\.\d+)?)"
}
}
mutate {
convert => ["request_time", "integer"]
}
}
output {
stdout {
codec =>rubydebug
}
}

[elk@Vsftp logstash]$ logstash -f t2.conf
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
"message" => "23.45",
"@version" => "1",
"@timestamp" => "2017-01-11T02:11:21.071Z",
"host" => "Vsftp",
"request_time" => 23
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航